Data of 100 Million JustDial Customers Left Unsecured for Over a Year

3 years ago 63
BOOK THIS SPACE FOR AD
ARTICLE AD

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

The Personally Identifiable Information (PII) of approximately 100 million users of local business listing site JustDial was at stake after an Application Programming Interface (API) was left exposed for over a year. 

JustDial is an Indian internet technology firm that offers local search for a variety of services in India via phone, Internet, and mobile apps. 

However, a fix appears to have protected the PII data, which includes users’ names, gender, profile photos, email addresses, phone numbers, and birthdates. 

Rajshekhar Rajaharia, an independent internet security researcher who first tweeted about this on Tuesday, informed BusinessLine that after discovering the data breach, he contacted the organization, and it was patched and fixed promptly. 

“The company’s data was exposed since March 2020, though we can’t say yet if they have been leaked. We will only know once JustDial releases an audit report on it,” Rajaharia stated. 

Further, he added that JustDial needs an audit because the system may have other flaws. JustDial did not respond to an email requesting a statement. 

JustDial became a Mukesh Ambani group firm just ten days ago when Reliance Retail bought a 41% stake in it for $3,497 crore. Bill payments and recharge, groceries and food delivery, and reservations for restaurants, cabs, movie tickets, plane tickets, and events are among the ser

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: Data of 100 Million JustDial Customers Left Unsecured for Over a Year

Read Entire Article